Remote monitoring of user input devices

ABSTRACT

A precision data capture recorder/security device non-intrusively and precisely captures and records information from computerized input devices (e.g., computer keyboards and mouses). Information collected by a data capture recorder co-located with a client can be precisely date and time tag user input to a user interface (e.g., keyboard) and transmitted to a base collection station for archiving and analysis. Archived information provides accurate history logs for regulatory audit compliance, data security, and system administrative troubleshooting. Analysis can help determine whether user data input patterns at the user interface are authorized.

FIELD OF THE INVENTION

The present invention is generally related to system and methods forproviding data security and auditing capabilities using networkedcomputer systems. The present invention is also generally related tosystems and methods for capturing keyboard keystrokes, monitoring inputdevices and monitoring information. More particularly, the presentinvention is related to a security device that non-intrusively capturesand records information from computerized input devices such askeyboards and mouses, wherein the collected information can be preciselydate and time tagged to provide accurate history logs for regulatoryaudit compliance, data security, and system administrativetroubleshooting.

BACKGROUND

Monitoring all of the disparate security devices across an enterprisecan be an over-whelming and daunting task. Despite spending on largeamounts of resources for information technology (IT), in particularnetwork and data security, current software tools are often found to becomplex, expensive, inefficient given the typical generation of largeamounts of unusable data, and significantly degrade computerperformance. Yet there is a growing need where computer system andcritical data are concerned to monitor super users of enterprisecomputer systems, maintain regulatory compliance within business sectorslike stock trading and financial services, and data input as it pertainsto computer system troubleshooting and data recovery. The monitoring ofcomputer super users in particular is problematic because super users ofa company's main computer systems typically already have complete access(via access/security codes) to all of the information technologyresources and files within a company's computer system, includingsensitive financial information and propriety data. Furthermore,software programs that enable monitoring are typically installed by thevery super users having knowledge about how the same monitoring softwarecan be temporarily disabled or bypassed.

As for an enterprise's ability to maintain regulatory compliance, majorcorporate and accounting scandals such as those well known financialproblems that affected Enron, Tyco International, Peregrine Systems andWorldCom have caused changes in United States federal laws. Alleged andproven scandals by directors of these corporations resulted in a declineof public trust in accounting and reporting practices. In a more recentscandal, Société Générale, one of France's largest and most respectedbanks, lost over $7 billion through the unauthorized actions of one ofits traders. The banks trader, a mid-level employee, managed to evademultiple layers of computer controls and audits for as long as a year,stacking up 4.9 billion euros ($7.09 billion) in losses for the bank.Apparently, the trader evaded the bank's security controls andoverstepped his authority to bet 50 billion euros ($73 billion), whichwas more than the bank's market value at the time, on futures inEuropean equity markets. According to news reports, the trader haddetailed understanding of back-office operations and acted alone. ButBarings was criticized for poor controls and oversight. Given these pastaudit and regulatory compliance problems, governments are expected to bemore diligent in enforcing stringent auditing and accountabilityrequirements over financial institutions and public corporations. Systemare continually needed that can fulfill the need to comply with some ormost of these requirements through monitoring.

Aside from auditing and regulatory compliance issues currently facingenterprises, critical data loss can often occur with computer systemmalfunctions. Numerous software programs running simultaneously on asingle main frame server computer system during troubleshooting and datarecovery operations, which can lead to a catastrophic computer crash inwhich history logs would not be available.

Another problem that can be encountered where sensitive processes usingcomputer systems are involved is over authorized user verification. Boththe enterprise and the employee-user of a computer system engaged insensitive functions should have concern over the un-authorized use of acomputer system by a person that may have improperly gained access tousernames or pass codes. Un-authorized actions can be taken under such ascenario leaving the legitimate employee to blame. Also, the actualassailant may never be identified.

Based on the foregoing problems, what are apparently needed are systemsand methods that enable the preservation of data and also enable dataentry logging for audit purposes. Preferably, such a system can have acompletely separate computer system that would have standaloneapplications of our product and that enables the capture and archivingof all keyboard actions by system users. The present invention addressesthis need with a remote monitoring of user input devices that will helpprotect vital information, maintain data integrity, help with theidentification of error leading to system failures and help regulatedenterprises meet regulatory compliance.

SUMMARY OF THE INVENTION

The following summary will outline some of the more pertinent featuresof the present invention. These features should be construed to bemerely illustrative of some of the more prominent features andapplications of the invention. Other beneficial results can be achievedby using the disclosed invention in a different manner or changing theinvention as will be described in more detail in the detaileddescription of the invention.

Accordingly, it is a feature of the present invention to provide for asecurity system including a precision Data Capture Recorder (DCR)adapted to non-intrusively and independently capture and recordinformation entered on a user input devices such as keyboards, mouses,and digital pads.

In accordance with another feature of the present invention, thesecurity system can include a remote base collection station (BCS)adapted to receive and archive data received from the DCR system. Thedata can be transmitted wirelessly or via physical network connectionsto a remote BCS.

A DCR can be installed along the communication link between a user inputdevice and a computer resource (i.e., “in-line” between a user'scomputer and keyboard) or the DCR can be located within the computersystem housing in order to further prevent tampering. The DCR can alsobe located within any housing associated with the user input device(e.g., keyboard).

In accordance with yet another feature of the present invention, thedata security system includes a means adapted to precisely tag dataentered into a user input device with accurate time and dateinformation. Although time and date information can be provided by theuser computer resource or user input device, more accuracy can beprovided for data entry by synchronizing data entry with atomic clock orGPS broadcasted date and time information. Atomic clock or GPSinformation can be obtained wirelessly from government wirelesstransmissions of the same via satellite.

In accordance with still another feature of the present invention, dataentry location information can be determined when mobile devices adaptedwith GPS capability are used during data entry. Location information canbe utilized where mobile computing resources (e.g., laptops, PDAs) areused.

In accordance with another feature of the present invention, the datasecurity system includes an analysis module adapted to monitor andanalyze data transmitted to and/or stored in the BCS. The analysismodule can be provided in the form of a computer system adapted withpatent recognition software or a neural network adapted to recognizedata entry patterns that are normal, abnormal, authorized, unauthorized.

The present invention can provide event correlation, auditing validationand notification through precision user input monitoring and analysis bycombining an autonomous data capturing capability, resident within usersystems, with secure, remote archiving.

In accordance with methods of using the invention, time/date/locationtagged user input data can be monitored and archived in a secure datacapture base station or secured remote server for later use inregulatory compliance, auditing, data entry backup, catastrophic systemfailure troubleshooting, and high level function/user monitoring.

In accordance with another feature of the present invention, an analysismodule can analyze user input cadence/patterns and match them with aregistered user template containing known user input cadence andpatterns to determine if received user inputs are by anauthorized/registered user.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a typical computer system, labeled as prior art,including a user input device (e.g., keyboard, mouse, keypad, etc.)connected to computer input/output port. The user computer can beconnected to a main frame computer.

FIG. 2 illustrates a system diagram of a deployment scenario whereinaccurate timing resource and remote archiving components that can beused in implementing the present invention.

FIG. 3 illustrates a data security system including a precision DataCapture Recorder (DCR) device configuration with access to accurate timeand date information and a remote DCR base station for remote data entryarchival and/or analysis. The DCR device can be installed along thecommunication path (e.g., “in line”) between the user's input device andthe user's computer, and the captured data can be transmitted wirelesslyor cabled to the DCR base station where the data can be preciselytime/date tagged using atomic clock and/or GPS synchronization of theDCR.

FIG. 4 illustrates another feature of the present invention wherein aprecision Data Capture Recorder (DCR) can be installed between a userinput device and computer resource, but within the computer resource toavoid tampering, and can include an accurate time module, which caninclude means to receive transmission form publically available Atomicclock and/or GPS resources.

FIG. 5 illustrates a mobile system including a DCR and GPS, whereinsynchronization and captured data can be transmitted wirelessly orcabled to the DCR base station for centralized data collection.

FIG. 6 illustrates an enterprise system implementation and setting,e.g., typical for financial institutions, wherein several clients areadapted with DCR capabilities are in communication with a BCS for dataarchiving.

FIG. 7A-78 illustrates exemplary entry data coding segments that can betransmitted from a DCR, and received, archived, stored by a BCS.

FIG. 8 illustrates a flow diagram of a method for capturing (e.g.,recording) user input device entries on a DCR and transmitting entriesto a BCS for archiving, in accordance with features the presentinvention.

FIG.9 illustrates a flow diagram of a method for capturing (e.g.,recording) user input device entries on a DCR and transmitting entriesto a BCS for archiving, in accordance with features the presentinvention.

FIG.10 illustrates a flow diagram of a method for capturing (e.g.,recording) user input device entries on a DCR and transmitting entriesto a BCS for archiving, in accordance with features the presentinvention.

FIG. 11 illustrates a flow diagram of a method for capturing (e.g.,recording) user input device entries on a DCR and transmitting entriesto a BCS for archiving, in accordance with features the presentinvention.

FIG. 12 illustrates a flow diagram of a method for capturing (e.g.,recording) user input device entries on a DCR and transmitting entriesto a BCS for archiving, in accordance with features the presentinvention.

FIG. 12 illustrates a flow diagram of a method for capturing (e.g.,recording) user input device entries on a DCR and transmitting entriesto a BCS for archiving, in accordance with features the presentinvention.

FIG. 13 illustrates a flow diagram of a method for capturing (e.g.,recording) user input device entries on a DCR and transmitting entriesto a BCS for archiving, in accordance with features the presentinvention.

FIG. 14 illustrates a flow diagram of a method for capturing (e.g.,recording) user input device entries on a DCR and transmitting entriesto a BCS for archiving, in accordance with features the presentinvention.

FIG. 15 illustrates a flow diagram of a method for capturing (e.g.,recording) user input device entries on a DCR and transmitting entriesto a BCS for archiving, in accordance with features the presentinvention.

FIG. 16 illustrates a flow diagram of a method for capturing (e.g.,recording) user input device entries on a DCR and transmitting entriesto a BCS for analysis of user input cadence/patterns, in accordance withfeatures the present invention.

For a more complete understanding of the present invention and theadvantages thereof, reference should be made to the following DetailedDescription taken in connection with the accompanying drawing.

DETAILED DESCRIPTION OF THE INVENTION

Referring to FIG. 1, labeled as prior art, a typical networkarchitecture 10 for an enterprise including a computer system 120 foreach user in the enterprise including a communication port 125 toprovide data network access to the computer system 120 and a user inputdevice 110 (keyboard, mouse, keypad, etc.), which is most alwaysconnected to a user computer system 120 (e.g., desktop computer) via aninput/output port 127 on the computer system. The connection isgenerally made via cabling (not shown), although wireless input devicesare also currently available. It should also be appreciated, however,that the user input device 110 can be integrated with the computersystem 120 in the case of portable computers (e.g., laptops and personaldigital assistants).

The user computer system is typically connected to a main computer 130(e.g., enterprise server) through a data network via communication ports135 (e.g., network switches, routers, etc.) associated with the maincomputer server 130. The typical enterprise computer system 10 includesseveral user computers 120 networked with a main computer server 130. Auser computer 120 includes a user input device 110 (keyboard, mouse,keypad, etc.) connected to the user computer 120 via an input/outputport 127. Most data security software when used operated within eitherof the user computer 120 or the main computer server 130, or both.

Referring to FIG. 2, a system architecture 100 for a secure system inaccordance with a feature of the present invention is illustrated. Thesecurity system can include a remote base collection station (BCS) 160adapted to receive and archive data received from the data capturerecorder (DCR) 150. A DCR 150 can be installed along the communicationlink (“in-line”) between a user input device 110 and the input/out portfor the user input device located on the computer resource 120 (i.e.,“in-line” between a user's computer and keyboard). Although the DCR 120can easily be installed within the communication link between a userinput device 110 and its connection outside of a computer system 120housing, it should also be appreciated that the DCR 150 can also belocated within the computer system's 120 housing in order to furtherprevent tampering. The DCR 120 can also be located within any housingassociated with the user input device 110. Input data can be transmittedwirelessly or via physical network connections to the remote BCS 160where it can be archived 165 and/or analyzed 167.

Although time and date information can be provided by the user computerresource or user input device, more accuracy can be provided for dataentry by synchronizing data entry with atomic clock or GPS broadcasteddate and time information. Atomic clock or GPS information can beobtained wirelessly from government wireless transmissions of the samevia satellite. Accurate date and time information can be provided withinput data to record precise data entry by a user. Accurate date andtime information can be provided by source that are readily available,yet reliable, such as atomic clock or global positioning satellitebroadcasts which are both represented by satellite icon 170 in FIG. 2.

Data entry location information can also be determined when GPScapabilities are used during data entry. Location information can beutilized where mobile computing resources (e.g., laptops, PDAs) areused, The data capture recorder 150 can monitor user input at user inputdevice 110, in real-time, and report the user inputs to a remote basecontrol system 160. Finally, atomic clock or GPS broadcast transmissionscan be received by either of the data capture recorder 150 or basecontrol system 160 to tag the data entries at the user input device 110.Accurate time resource 170 can be accessed to obtain accurate time anddate information for data entry tagging purposes, Where GPS is used asthe accurate time source, location can also be determined for DCR 150 orsupported computer resource 120, which is useful for some mobileapplications.

Referring to FIG. 3, illustrated is a data security system 200 includinga depiction of operating components that can be used to provide datasecurity within the data security system 100. A precision Data CaptureRecorder (DCR) device 127 can be configured with access to accurate timeand date information from an accurate time broadcasting system 170 and aremote DOCR base station 160 for remote data entry archival and/oranalysis. The accurate time broadcasting system can include GlobalPositioning satellites (GPS) and Atomic clock resources that areavailable to the public. The DCR device 127 can be installed along thecommunication path (e.g., “in line”) between the user's input device andthe user's computer as discussed in FIG. 1; however, data captured bythe DOCR 127 can be transmitted wirelessly or by cable to the DCR basestation 160 wherein the data can be archived for later retrieval.Archiving can include at least one of precise time/date tagging and DCRidentification together with recorded data entries.

Referring to FIG. 4, a system diagram 300 for another data securitysystem illustrates another feature of the present invention wherein aprecision Data Capture Recorder (DCR) 127 can be installed between auser input device 110 and computer resource 120, but within the computerresource 120, which can prevent tampering or user input devicesubstitution as a means to circumvent the DCR 150. Also as shown in FIG.4, a data security system can also include a DCR with an organic oraccessible accurate time module 170, which can include means to receivetransmission form publically available Atomic clock and/or GPSresources.

FIG. 5 illustrates a mobile system 400 including a DCR 150 and a GPSmodule 430 integrated within a wireless handheld device 410 isillustrated. The handheld device 410 will typically include a user inputdevice 440 (e.g., touch screen), a central processing unit 435, adisplay screen 415, and a communications module 425 that will enable thehandheld device 410 to communicate wirelessly over data networks 50.Captured data can be transmitted wirelessly from the wireless hand helddevice 410 to the base station controller 160 for centralized datacollection. Entered data can be wirelessly transmitted from the DCR 150to a BCS 160, wherein is can be processed (e.g., archived, analyzed). Aremote BCS 160 can be provided with a database/memory accessible fromserver 480 to archive and analyze data received from DCR 160. Ananalysis module (not shown) can perform real-time or scheduled analysisof stored data to detect patterns or patter variations.

FIG. 6 illustrates an enterprise system implementation 500 whereinseveral client stations 510 including DCR capabilities 150 are incommunication over a secure data network to a central computer 560adapted with BCS functionality. System architectures with several clientmachines is typical for financial institutions, wherein several clientscan be adapted with DCR capabilities in communication with a remote andsecure BCS for data archiving and analysis.

FIG. 7A-7B illustrates exemplary entry data coding segments that can betransmitted from a DCR, and received, archived, stored by a BCS. Forinstance, FIG. 7A illustrates a data stream including; a DCR ID code610, a user I/O device code 620, a time and date code 630, a locationcode 640 and user i/o data 650. FIG. 7B illustrated another exemplarydata stream that includes: a scan code 720 and auxiliary data 750. Itcan be appreciated that other coding can be captured and delivered bythe DCR for transmission to a BCS for archiving and/or analysis, andthese example data streams should not be taken as a limitation. More orless codes segments can be included in a data stream in accordance withand consistent with the teachings herein.

FIGS. 8 through 16 illustrate various methods that can be implemented inaccordance with implementing and utilizing features of the presentinvention. FIG. 8 illustrates a flow diagram 800 of a method forcapturing (e.g., recording) user input device entries on a DCR andtransmitting entries to a BCS for archiving, in accordance with featuresthe present invention. Referring to Block 810, a DCR is provided betweena user input device and a computer resource (e.g., handheld, desktopcomputer) communication path. As shown in Block 820, data entriesentered on the user input device are recorded with the DCR. Then asshown in Block 830, data entries recorded by the DCR are transmitted toa remote BCS. Finally, as shown in Block 840, data entries recorded bythe DCR are stored in a memory associated with the BCS.

FIG. 9 illustrates another flow diagram 900 for a method for capturing(e.g., recording) user input device entries on a DCR and transmittingentries to a BCS for archiving, in accordance with features the presentinvention. As shown in Block 910, a DCR is provided between in thecommunication path between a user input device and a computer resource.At Block 920, data entries input on the user input device are recordedwith the DCR. At Block 930, data entries recorded by the DOCR togetherwith date, time and DCR identification information are transmitted to aremote BCS. Then at Block 940, data entries recorded by a DCR arearchived in a memory associate with the remote BCS together with thedate and time of the data entries and DCR identification information.

FIG. 10 illustrates a flow diagram 1000 for a method for capturing(e.g., recording) user input device entries on a DCR and transmittingentries to a BCS for archiving, in accordance with features the presentinvention. As shown in Block 1010, a DCR including an accurate timemodule is provided in the communication path between a user's inputdevice and a computer resource. As shown in Block 1020, real time dataentries on the user input device are recorded with the OCR. As shown inBlock 1030, real time data entries recorded by the DCR are transmittedto a remote BCS together with accurate time of real time data entryrecording, date, and DCR identification. Then at Block 1040, the realtime data entries recorded by the DCR, together with accurate time anddate of real time entries and OCR identification information, arearchived in a memory associated with the remote BCS.

Referring to FIG. 11, a flow diagram 1100 of a method for capturing(e.g., recording) user input device entries on a DCR and transmittingentries to a BCS for archiving is illustrated, in accordance withfeatures the present invention. Referring to Block 1110, a DCR includingan accurate time and date module is provided in the communication pathbetween a user input device and a computer resource. As shown in Block1120, real time data entries input on the user input device togetherwith accurate time and date of real time entries are recorded at theDCR. As shown in Block 1130, the real time data entries recorded by theDCR together with accurate time and date of the real time data entriesand DCR identification information are transmitted to a remote BCS. Thenas shown in Block 1140, the real time data entries recorded by the DCRare archived in a memory associated with the remote BCS together withaccurate time and date of the real-time entries and the DCRidentification information.

FIG. 12 illustrates a flow diagram 1200 of another method for capturing(e.g., recording) user input device entries on a DCR and transmittingentries to a BCS for archiving, in accordance with features the presentinvention. As shown in Block 1210, a DCR including accurate time moduleis provided in the communication path between a user input device and acomputer. As shown in Block 1220, real time data entries entered on theuser input device together with accurate time and date of real time dataentries are recorded with the DCR. As shown in Block 1230, the real timedata entries recorded by the DCR together with date, time and DCRidentification are encrypted and transmitted to a remote BCS. As shownin Block 1240, the real time data entries, date, time and DCRidentification information are recorded by the DCR are received,decrypted and archived in a memory associated with the remote BCS.

FIG. 13 illustrates a flow diagram 1300 of a method for capturing (e.g.,recording) user input device entries on a DCR and transmitting entriesto a BCS for archiving, in accordance with features the presentinvention. As shown in Block 1310, a DCR including a GPS module isprovided in the communication path between a user input device and acomputer resource. Then as shown in Block 1320, real time data entriesentered on the user input device together with accurate time, date andlocation information provided by the GPS module during real time dataentry are recorded by the DCR. As shown in Block 1330, real time dataentries recorded by the DCR together with accurate time, date andlocation of entry together with DCR identification are transmitted to aremote BCS. Then as shown in Block 1340, real time data entries recordedby the DCR, together with time, date location and DCR identificationinformation, are archived in a memory associated with the remote BCS.

FIG. 14 illustrates a flow diagram 1400 of a method of receiving entriesat a BCS for archiving, in accordance with features the presentinvention. As shown in Block 1410, real time data entries recorded andtransmitted by remote DCRs together with accurate time and date of realtime data entries and DCR identification information are received at aBCS. As shown in Block 1420, the real time data entries together withDCR identification are archived in a memory associated with the BCS.

FIG. 15 illustrates a flow diagram 1500 of a method of receiving entriesat a BCS for archiving, in accordance with features the presentinvention. As shown in Block 1510, real time data entries recorded andtransmitted by remote DCRs, together with accurate time and date ofentry and DCR identification, are received at a BCS. As shown in Block1520, the real time data entries recorded and transmitted by remote DCRstogether with accurate time and date of entry and DCR identificationsare archived in a memory associated with the BCS. As shown in Block1530, event analysis is performed on the real time data entries recordedand transmitted by the remote DCRs using an analysis module associatedwith the BCS. Then as shown in Block 1540, notification is provided bythe BCS is real time data entries provided by a DCR deviate from defineddata entry patterns.

FIG. 16 illustrates a flow diagram 1600 of a method for receiving userinput device entries by DCRs at a BCS for archiving and analysis, inaccordance with features the present invention. As shown in Block 1610,real time data entries recorded and transmitted by remote DCRs, togetherwith accurate time and data of entry and DCR identification are receivedat a BCS. As shown in Block 1620, the real time data entries, togetherwith accurate time, date and DCR identification information are archivedin a memory associated with the BCS. Then as shown in Block 1630,analysis is performed on the real time data entries using an analysismodule associated with the BCS to determine user identify based on datainput cadence b registered users of computers associated with reportingDCRs. Then as shown in Block 1640, notification is provided by the BCSif the real time data entries by a reporting DCR deviate from defineddata entry patterns or if input cadence does not match a profileassociated with a registered user of a computer associated with areporting DCR.

Non-intrusive application. The device can be installed in-line betweenthe user's computer unit and the user's input device (keyboard, mouse,etc) and operates transparently with respect to the user's computersoftware. There is no software installation on the user's or usernetwork computer therefore it will not affect the performance of theuser's computer or its network computer. There are no compatibilityissues that need to be resolved as is typical with computersoftware-based systems.

Physical transparency. The device can also be installed inside theuser's computer system or within the user input device which would makeit physically transparent to the user including users with systemadministrative rights (e.g., “super users”).

Data Entry Backup. Information is collected directly from the user'sinput device and safely stored in a media that is completely separatefrom the user's computer system. Therefore, valuable data entries can berecovered and corroborated. The keystrokes are precisely date and timetagged to provide accurate history logs for regulatory auditing andsystem administrative troubleshooting.

Computer failure troubleshooting. In the case of a catastrophic computerfailure, saved information on the invented device can be used totroubleshoot the problem and determine if the failure was caused byinadvertent super user action or by a malicious company insider.

Not dependent on the user's operating system. Since the device isseparate from the user's computer, it is not dependent on the user'soperating system or any of the user's applications.

Virus free. The device would be virtually virus free since it would notbe directed connected to the internet via the user's computer. Oneapplication would be capturing keystrokes from a keyboard. The deviceitself would be impervious to viruses, spam ware, spyware, or any numberof malicious software on the host computer system.

Software monitoring tools can be blocked or disabled. Softwarekeyloggers can easily be disabled by a super user. There are alsonumerous anti-keylogging software solutions available. For example,Patent application#20070245343 describes a “System and method forblocking keyloggers”.

Precision time tagging. PC clocks rarely have a correct rate (they loseor gain time significantly). The invention device will precisely timeand date tag each user input data by means of an atomic time server inwhich accurate timing information is obtained and then used tosynchronize to the invention device's real-time clock.

GPS interface. The invention device will have a GPS receiver to obtainaccurate information on the unit's location. The Global PositioningSystem (GPS), although designed for navigation, can also provide veryprecise time synchronization (to within one microsecond of CoordinatedUniversal Time (UTC).

The critical customer needs that our product would fulfill are outlinedas follows:

Monitoring of the super user(s) of a company's main computer system.Super users are unique in that they have total access to all theresources and files within a company's computer system includingfinancial and propriety information. Monitoring software programs areinstalled by the super user and the same monitoring software can betemporarily disabled by the super user.

Regulatory Compliance. Controversial United States federal laws havebeen passed in response to a number of major corporate and accountingscandals including those affecting Enron, Tyco International, PeregrineSystems and WorldCom (recently MCI and now currently part of VerizonBusiness). These scandals resulted in a decline of public trust inaccounting and reporting practices. In the immediate future, the federalgovernment is expected to enforce stringent auditing and accountabilityrequirements. Our product may fulfill the need to comply with some ormost of these requirements.

Computer System Troubleshooting and Recovery. Because of numeroussoftware programs running simultaneously on a single main frame server,there can be a catastrophic computer crash in which history logs wouldnot be available. Our product would have a completely separate computersystem that would have standalone applications of our product and thatwould capture and archive all keyboard actions leading to any majorcomputer crash. This would be akin to the black box in the aeronauticindustry.

1. A data security system, comprising: a data capture recorder installedin the communications path between a user interface and a computersystem connected to the user interface, the data capture recorderadapted to record, time stamp user inputs at the user interface andtransmit user input data to a base collection station; and a basecollection station located remote from the data capture recorder, theuser interface and the computer system and adapted to receive user inputdata for archiving in a memory associated with the base collectionstation.
 2. The data security system of claim 1, further comprising anaccurate time module adapted to provide an accurate time stamp for userinputs entered at the user interface.
 3. The data security system ofclaim 2, wherein the accurate time module is adapted to provide anaccurate time stamp for user inputs from at least one of atomic clockand global positioning system transmissions.
 4. The data security systemof claim 1, the base collection system further comprising an analysismodule, the analysis module adapted to compare user input received fromthe data capture recorder with data input patterns stored in the memoryassociated with the base collection system.
 5. A method of providingdata security at a computer resource, comprising: providing a datacapture recorder along a communication path between a user input deviceand a computer resource; recording real-time user data input entries atthe user input device with the data capture recorder; and transmittingreal-time data entries from the data capture recorder to a remote basecollection station.
 6. The method of providing data security at acomputer resource of claim 5, including the step of providing accuratedate and time information for real-time user data input entries at theuser input device before the step of transmitting realtime data entriesfrom the data capture recorder to a remote base collection station. 7.The method of providing data security at a computer resource of claim 6,wherein accurate date and time information is provided from at least oneof atomic clock and global positioning satellite transmissions.
 8. Themethod of providing data security at a computer resource of claim 5,wherein the real-time user data input entries at the accurate date andtime information is transmitted by the data capture recorder to the basestation controller via at least one of a wireless connection and networkcable connection.
 9. The method of providing data security at a computerresource of claim 5, wherein at least one of the user input device andthe data capture recorder is uniquely identified to the base stationcontroller with at least one of a product code, identification numberand address.
 10. The method of providing data security at a computerresource of claim 5, including the step of providing accurate date, timeand location information for real-time user data input entries at theuser input device before the step of transmitting real-time data entriesfrom the data capture recorder to a remote base collection station. 11.The method of providing data security at a computer resource of claim10, wherein location information for at least one of the data capturerecorder and the user input device is obtain using GPS.
 12. The methodof providing data security at a computer resource of claim 10, whereindata including the real-time user data input entries, accurate date andtime information for the real-time user data input entries, and locationinformation for at least one of the user input device and the datacapture recorder are received by a base station controller wherein thedata is archived.
 13. The method of providing data security at acomputer resource of claim 10, wherein data including the real-time userdata input entries, accurate date and time information for the real-timedata entries, and location information for at least one of the userinput device and the data capture recorder are received by a basestation controller wherein the data is archived and analyzed todetermine if real-time data entries deviate from a defined data entrypatterns or if input cadence does not match a profile associated with aregistered user of a computer associated with the data capture recorder.14. A method of providing data security at a computer resource,comprising: providing a data capture recorder along a communication pathbetween a user input device and a computer resource; recording real-timedata entries by a user at the user input device with the data capturerecorder; providing accurate date and time information provided by atleast one of atomic clock or global positioning satellite informationfor the realtime data entries at the user input device; and transmittingreal-time data entries from the data capture recorder to a remote basecollection station via at least one of a wireless connection and networkcable connection, wherein the realtime data entries are archived. 15.The method of providing data security at a computer resource of claim14, wherein at least one of the user input device and the data capturerecorder is uniquely identified to the base station controller with atleast one of a product code, identification number and address.
 16. Themethod of providing data security at a computer resource of claim 14,including the step of obtaining location information for realtime dataentries at the user input device together with the real-time dataentries and accurate date and time information before the step oftransmitting real-time data entries from the data capture recorder to aremote base collection station, and transmitting the locationinformation to the base controller system with the real-time dataentries and accurate date and time information to the base controllersystem.
 17. The method of providing data security at a computer resourceof claim 16, wherein location information for at least one of the datacapture recorder and the user input device is obtained using GPS. 18.The method of providing data security at a computer resource of claim16, wherein data including the real-time user data input entries,accurate date and time information for the real-time user data inputentries, and location information for at least one of the user inputdevice and the data capture recorder are received by a base stationcontroller wherein the data is archived.
 19. The method of providingdata security at a computer resource of claim 16, wherein data includingthe real-time user data input entries, accurate date and timeinformation for the real-time data entries, and location information forat least one of the user input device and the data capture recorder arereceived by a base station controller wherein the data is archived andanalyzed to determine if real-time data entries deviate from a defineddata entry patterns or if input cadence does not match a profileassociated with a registered user of a computer associated with the datacapture recorder.
 20. The method of providing data security at acomputer resource of claim 16, wherein data including the real-time userdata input entries and at least one of accurate date and timeinformation for the real-time user data input entries, and locationinformation for at least one of the user input device and the datacapture recorder, are received by a base station controller wherein thedata is analyzed to determine if real-time data entries deviate from adefined data entry patterns or if input cadence does not match a profileassociated with a registered user of a computer associated with the datacapture recorder.